Breach Analytics Framework

The Breach Analytics Framework is the heart and soul of Click Security’s solution. It provides essential intelligence to security team applications by managing data consumption, stream processing of all alerts/indicators, and handling of third-party threat intelligence, while maintaining state on each and every actor at all times.

Click Labs breach analytic and kill chain profile processing

Intelligence feed management – blacklists, geo-location, ASN, etc.

Analytic development support and correlation framework

How it works

The framework provides the technical underpinning that enables our solution to rapidly identify the “signal within the big data noise.” That signal comes from running the right analytics, which begets the right data sources. Its use of network traffic, event logs, and even file content sets it apart from “point security analytic players” focused on user identity, application behavior, or file analysis alone.

Operating at the juncture of these worlds enables unique and highly extensible event and kill chain pattern analytics that detect a broad array of attack activity with speed and contextual accuracy. The number one problem all organizations face today, too many alerts and not enough context, so that the real signals are missed until it is too late, can now be overcome.

This is accomplished by the Breach Analytics Framework’s inherent capabilities:

Places analytics into a stream processing engine capable of holding actor state in memory, such that the next event, alert, or other indicator is linked to weeks to months of actor state tracking, enabling rapid, contextual detection of early kill chain activity